Closed Bug 1681585 Opened 5 years ago Closed 5 years ago

Update ECH implementation to draft-09

Categories

(NSS :: Libraries, enhancement, P1)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kjacobs, Assigned: kjacobs)

References

(
URL
)

Details

Attachments

(2 files)

Bug 1681585 - Update ECH to Draft-09.
48 bytes, text/x-phabricator-request
Details | Review
Bug 1681585 - Add ECH support to selfserv.
48 bytes, text/x-phabricator-request
Details | Review

NSS 3.60 contains an implementation of the latest ECH draft (draft-ietf-tls-esni-08). This bug tracks the next update to -09.

Depends on D99277

Usage example:
mkdir dbdir && cd dbdir
certutil -N -d .
certutil -S -s "CN=ech-public.com" -n ech-public.com -x -t "C,C,C" -m 1234 -d .
certutil -S -s "CN=ech-private-backend.com" -n ech-private-backend.com -x -t "C,C,C" -m 2345 -d .
../dist/Debug/bin/selfserv -a ech-public.com -a ech-private-backend.com -n ech-public.com -n ech-private-backend.com -p 8443 -d dbdir/ -X ech-public.com
(Copy echconfig from selfserv output and paste into the below command)
../dist/Debug/bin/tstclnt -D -p 8443 -v -A tests/ssl/sslreq.dat -h ech-private-backend.com -o -N <echconfig> -v

Depends on D101049

https://hg.mozilla.org/projects/nss/rev/ed07a2e2a124fd3542fa4467de1da35c7e7f53de
https://hg.mozilla.org/projects/nss/rev/92dcda94c1d4688edad2c094d505cd253757c0d4

Planning a minor API tweak under a separate bug.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.62
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: